[technique] WiP : Proposition de conf BGP
Jérôme Nicolle
jerome at ceriz.fr
Sam 17 Déc 19:16:16 CET 2011
Arf, j'avais oublié des tas de trucs en fait
###
#
# BIRD IPv4 Configuration for AS197422 - Paris node (gw.tetaneutral.net)
#
###
#
# Conventions
#
# Local Prefs :
# (beware localprefs are transmitted over iBGP : should be set
# accordingly for internal TE)
# - Customers / members from 300 to 399
# - IX from 200 to 299
# - Transits from 100 to 199
#
# Communities :
# WiP
#
###
#
# History (topmost is most recent activity)
# 20111217 - jerome at ceriz.fr - major rewriting, creation of doc header
# local pref rescaling - tie break avoidance on IX's RS, should make
# updates faster
# commented out remotely disconfigured peers
#
###
# Global options: router identity and the local AS constant used by every
# BGP protocol below.
router id 91.224.148.1;
define myas = 197422;

# ISO-style long timestamps for every output class.
timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

# incremented log (jni 20111217)
log "/var/log/bird-20111217.log" all;

# Level 2 logs every command issued by control-socket clients, which gives
# an audit trail of operator actions on the router.
debug commands 2;

# disabled debugging (jni 20111217); the commented lines are the settings
# that were tried before.
#debug protocols all;
#debug protocols { states };
#debug protocols { routes };
#debug protocols { filters };
#debug protocols { interfaces };
#debug protocols { events };
#debug protocols { packets };
debug protocols off;
#debug protocols { states, events };
protocol device {
    # Rescan the interface list every 10 seconds.
    scan time 10;

    # Use 195.250.40.154 as the primary address of eth0.124.
    primary "eth0.124" 195.250.40.154;
}
protocol static static_bgp {
    # Reject route for the local aggregate; filter bgp_OUT matches exactly
    # this prefix when announcing to eBGP neighbors.
    # NOTE(review): no `preference` is set here, so this route keeps BIRD's
    # default static preference, which is lower than the 249-350 values
    # given to IX and customer sessions below. avoid_martians() does not
    # reject 91.224.148.0/23, so a neighbor announcing it would win in the
    # table and be re-exported by bgp_OUT - confirm and add an import-side
    # guard for the local prefixes.
    route 91.224.148.0/23 reject;
    import all;
}
protocol static {
    # Internal routes.
    # NOTE(review): 192.168.2.0/24 is private space; the eBGP export
    # filters never match it, but the iBGP session TETANEUTRAL uses
    # `export all` - confirm that sending it to h3 is intended.
    route 192.168.2.0/24 via "eth0";

    # More-specifics of the local /23 reached through 91.224.148.3.
    route 91.224.149.0/24 via 91.224.148.3;
    route 91.224.148.4/31 via 91.224.148.3;
}
protocol kernel {
    # Every route selected in BIRD's table is pushed to the kernel FIB,
    # including everything accepted from the BGP sessions below, so the
    # import filters are the only barrier between a neighbor's
    # announcements and the forwarding table.
    export all;
    import all;
}
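# Sanity filter shared by the BGP sessions: returns false for prefixes that
# must not be accepted from (or sent to) a neighbor, true otherwise.
function avoid_martians()
prefix set martians;
{
    # replaced pfx_lenght and 0/0 route by extended martian filters,
    # faster and shorter (jni 20111217)
    #
    # Entries, in order: "this network", RFC 1918, CGN shared space,
    # loopback, link-local, documentation and benchmarking ranges,
    # multicast, reserved space; then anything covering 0.0.0.0 (default
    # route included), anything longer than /24 and anything shorter
    # than /8.
    # 0.0.0.0/8+ and 127.0.0.0/8+ close two gaps in the previous list: it
    # let through, for instance, a /16 inside 0.0.0.0/8 that does not
    # contain 0.0.0.0 itself, and any loopback prefix between /8 and /24.
    #
    # NOTE(review): the local aggregate 91.224.148.0/23 is not rejected
    # here, and it cannot simply be added because CHIWAWA uses this same
    # function on export. eBGP import needs its own check for the local
    # prefixes - confirm intent.
    martians = [ 0.0.0.0/8+,
                 10.0.0.0/8+,
                 100.64.0.0/10+,
                 127.0.0.0/8+,
                 169.254.0.0/16+,
                 172.16.0.0/12+,
                 192.0.2.0/24+,
                 192.168.0.0/16+,
                 198.18.0.0/15+,
                 198.51.100.0/24+,
                 203.0.113.0/24+,
                 224.0.0.0/4+,
                 240.0.0.0/4+,
                 0.0.0.0/32-,
                 0.0.0.0/0{25,32},
                 0.0.0.0/0{0,7} ];

    if net ~ martians then return false;
    return true;
}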
filter bgp_OUT {
    # Announce only the local aggregate, exact match on the /23; every
    # other route is rejected, so nothing learned from one neighbor is
    # passed on to another unless it is this very prefix.
    # NOTE(review): the match is on the prefix alone, not on where the
    # route came from - a 91.224.148.0/23 learned over BGP would pass too.
    if net ~ [ 91.224.148.0/23 ] then accept;
    reject;
}
filter bgp_OUT_148 {
    # Exact-match export of the lower /24 of the local aggregate.
    # Not referenced by any protocol in the visible configuration.
    if net ~ [ 91.224.148.0/24 ] then accept;
    reject;
}
filter bgp_OUT_149 {
    # Exact-match export of the upper /24 of the local aggregate.
    # Not referenced by any protocol in the visible configuration.
    if net ~ [ 91.224.149.0/24 ] then accept;
    reject;
}
filter bgp_IN_CHIWAWA {
    # Strict allow-list: only the exact /29 is accepted, everything else
    # the neighbor sends is dropped.
    if net ~ [ 91.224.148.32/29 ] then accept;
    reject;
}
###
# BGP sessions
###
# iBGP session to h3
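protocol bgp TETANEUTRAL {
    # iBGP: both ends use the local AS.
    local as myas;
    neighbor 91.224.148.3 as myas;

    # not required : eBGP preferred over iBGP (jni 20111217)
    # (the wrapped tail of this comment used to sit on a line of its own
    # without a leading '#')
    #preference 50;

    #import where avoid_martians();
    # `filter` keyword added to match the form used by protocol CHIWAWA.
    import filter bgp_IN_CHIWAWA;

    # NOTE(review): everything in the table is sent to h3, including the
    # private 192.168.2.0/24 static route - confirm this is intended.
    export all;
}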
#
# transits
#
protocol bgp GIXE {
    # Transit session; preference 100 is the bottom of the 100-199 band
    # reserved for transits in the header conventions.
    # NOTE(review): `preference` is BIRD's per-protocol route preference,
    # not the BGP LOCAL_PREF attribute (bgp_local_pref in filters) -
    # confirm which one the "Local Prefs" convention is meant to describe.
    local as myas;
    neighbor 195.250.40.153 as 31576;
    preference 100;
    import where avoid_martians();
    export filter bgp_OUT;
}
# inactive as of 20111217
#protocol bgp LIAZO {
# local as myas;
# neighbor 178.20.55.178 as 50618;
# import where avoid_martians();
# export filter bgp_OUT;
# preference 110;
#}
protocol bgp ABSOLIGHT {
    # Transit session; preference 155 places it above GIXE (100) inside
    # the transit band. A full table is expected here and the only import
    # control is avoid_martians(); no prefix limit is configured.
    local as myas;
    neighbor 79.143.245.101 as 29608;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 155;
}
###
#
# IX route servers
#
###
#
# Local Prefs settings :
#
# We prefer some IX over others due to capacity and/or price
# Primary RS are slightly preferred over secondary RS to make the BGP
# decision process faster, yet keeping redundancy
#
# FR-IX : pri 201, sec 200
# France-IX : pri 250, sec 249
# Equinix-IX : pri 280, sec 279
#
###
# fr-ix : per-traffic fee (?), deprecated over other IXs
protocol bgp FR_IX_RS1 {
    # FR-IX route server 1.
    # NOTE(review): the header lists "FR-IX : pri 201, sec 200"; with 200
    # here this session is the less-preferred of the pair - confirm that
    # RS2 is meant to be the primary.
    local as myas;
    neighbor 91.216.67.1 as 65444;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 200;
}
protocol bgp FR_IX_RS2 {
    # FR-IX route server 2; preference 201 makes it win over RS1 (200)
    # for prefixes announced by both.
    local as myas;
    neighbor 91.216.67.2 as 65444;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 201;
}
# disabled for Paris' gw
#protocol bgp TOUIX {
# local as myas;
# neighbor 91.213.236.1 as 47184;
# import where avoid_martians();
# export filter bgp_OUT;
#}
# france-ix : FastE port, deprecated over Equinix
protocol bgp FRANCE_IX_RS1 {
    # France-IX route server 1, the preferred one of the pair (250 vs 249).
    local as myas;
    neighbor 193.105.232.250 as 51706;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;

    # TCP-MD5 session authentication is left disabled. If it is enabled,
    # keep the real secret out of any copy of this file that is shared.
    #password "mypass";
}
protocol bgp FRANCE_IX_RS2 {
    # France-IX route server 2, secondary (249, one below RS1).
    local as myas;
    neighbor 193.105.232.251 as 51706;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 249;

    # TCP-MD5 session authentication is left disabled. If it is enabled,
    # keep the real secret out of any copy of this file that is shared.
    #password "mypass";
}
# equinix : GigE port, preferred over France-IX
protocol bgp EQUINIX_IX_COLLECTOR {
    # Equinix-IX collector session. No `preference` is given, so routes
    # accepted here get BIRD's default BGP preference.
    # NOTE(review): the import filter is the same as for real peers; if
    # the collector is never meant to feed routes, importing nothing
    # would be the tighter setting - confirm.
    local as myas;
    neighbor 195.42.144.250 as 65517;
    export filter bgp_OUT;
    import where avoid_martians();
}
protocol bgp EQUINIX_IX_RS1 {
    # Equinix-IX route server 1.
    # NOTE(review): header says "Equinix-IX : pri 280, sec 279"; with 279
    # here RS2 is the preferred server - confirm.
    local as myas;
    neighbor 195.42.144.98 as 24115;
    next hop self;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 279;
}
protocol bgp EQUINIX_IX_RS2 {
    # Equinix-IX route server 2; 280 is the highest preference given to
    # any IX session in this file.
    local as myas;
    neighbor 195.42.144.99 as 24115;
    next hop self;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
#
# Individual peers out of RS
#
# note : LP should be set according to IX : shortest AS path will be
# preferred anyway
#
# AFNIC 1 on France IX
protocol bgp AFNIC_1 {
    # Bilateral peering on France-IX, at the IX's secondary value (249).
    local as myas;
    neighbor 193.105.232.20 as 2483;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 249;
}
# AFNIC 2 on France IX
protocol bgp AFNIC_2 {
    # Bilateral peering on France-IX, at the IX's primary value (250).
    local as myas;
    neighbor 193.105.232.21 as 2486;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;
}
# AFNIC on Equinix
protocol bgp AFNIC_EQUINIX {
    # Bilateral peering on Equinix-IX; 280 ranks it above the France-IX
    # sessions (249/250) for the same prefixes.
    local as myas;
    neighbor 195.42.144.153 as 2486;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
protocol bgp SIS_EQUINIX {
    # Bilateral peering on Equinix-IX at the Equinix value (280).
    local as myas;
    neighbor 195.42.144.77 as 50858;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
# lowered IPv4 pref on HE to avoid their london core
protocol bgp HE_EQUINIX_IX {
    # Preference 210 instead of the usual Equinix 280: this peer's routes
    # lose to any other Equinix or France-IX session offering the same
    # prefix, while staying above the transits.
    # The commented-out options are earlier experiments, kept for reference.
    #local as 65422;
    #enable as4 off;
    #passive on;
    local as myas;
    neighbor 195.42.144.104 as 6939;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 210;
}
protocol bgp HE_FRANCE_IX {
    # Same neighbor AS as HE_EQUINIX_IX, reached over France-IX. At 250
    # this session is preferred over the Equinix one (210).
    local as myas;
    neighbor 193.105.232.10 as 6939;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;
}
protocol bgp E4A_EQUINIX_IX {
    # Bilateral peering on Equinix-IX; preferred path to this AS (280 vs
    # 250 on France-IX).
    local as myas;
    neighbor 195.42.144.69 as 34695;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
protocol bgp E4A_FRANCE_IX {
    # Second session to the same AS over France-IX (250).
    local as myas;
    neighbor 193.105.232.26 as 34695;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;
}
# inactive as of 20111217
#protocol bgp IKOULA_FRANCE_IX {
# local as myas;
# neighbor 193.105.232.76 as 21409;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
protocol bgp CLARANET_EQUINIX_IX {
    # Bilateral peering on Equinix-IX at the Equinix value (280).
    local as myas;
    neighbor 195.42.144.30 as 8426;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
##Does not support ASN32 yet
#protocol bgp CLARANET_1_FRANCE_IX {
# local as myas;
# neighbor 193.105.232.60 as 8426;
# preference 300;
# import where avoid_martians();
# export filter bgp_OUT;
#}
protocol bgp CLARANET_2_FRANCE_IX {
    # Only active France-IX session to this AS; the first one is
    # commented out in this file.
    local as myas;
    neighbor 193.105.232.61 as 8426;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;
}
protocol bgp PCH_1_EQUINIX_IX {
    # Bilateral peering with AS42 on Equinix-IX (280).
    local as myas;
    neighbor 195.42.144.17 as 42;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
protocol bgp PCH_2_EQUINIX_IX {
    # Bilateral peering with AS3856 on Equinix-IX, one step below the
    # AS42 session (279 vs 280).
    local as myas;
    neighbor 195.42.144.18 as 3856;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 279;
}
protocol bgp PCH_1_FRANCE_IX {
    # Bilateral peering with AS42 on France-IX (250).
    local as myas;
    neighbor 193.105.232.92 as 42;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;
}
protocol bgp PCH_2_FRANCE_IX {
    # Bilateral peering with AS3856 on France-IX, one step below the
    # AS42 session (249 vs 250).
    local as myas;
    neighbor 193.105.232.91 as 3856;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 249;
}
# inactive as of 20111217
#protocol bgp ASCUS_EQUINIX_IX {
# local as myas;
# neighbor 195.42.144.118 as 39912;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
# inactive as of 20111217
#protocol bgp ASCUS_FRANCE_IX {
# local as myas;
# neighbor 193.105.232.85 as 39912;
# preference 250;
# import where avoid_martians();
# export filter bgp_OUT;
#}
# inactive as of 20111217
#protocol bgp AQUARAY_EQUINIX_IX {
# local as myas;
# neighbor 195.42.144.145 as 41653;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
# inactive as of 20111217
#protocol bgp MULTIVISP_EQUINIX_IX {
# local as myas;
# neighbor 195.42.144.38 as 34021;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
protocol bgp GANDI_EQUINIX_IX {
    # Bilateral peering on Equinix-IX at the Equinix value (280).
    local as myas;
    neighbor 195.42.144.8 as 29169;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
# inactive as of 20111217
#protocol bgp ALSATIS_EQUINIX_IX {
# local as myas;
# neighbor 195.42.144.70 as 48072;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
# inactive as of 20111217
#protocol bgp HEXAGLOBE_EQUINIX_IX {
# local as myas;
# neighbor 195.42.144.110 as 31564;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
protocol bgp INIT7_EQUINIX_IX {
    # Bilateral peering on Equinix-IX at the Equinix value (280).
    # No prefix limit is configured; avoid_martians() is the only control
    # on what this neighbor can inject.
    local as myas;
    neighbor 195.42.144.138 as 13030;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
# inactive as of 20111217
#protocol bgp PPR_FRANCE_IX {
# local as myas;
# neighbor 193.105.232.64 as 15422;
# preference 250;
# import where avoid_martians();
# export filter bgp_OUT;
#}
# inactive as of 20111217
#protocol bgp PPR_EQUINIX_IX {
# local as myas;
# neighbor 195.42.144.107 as 15422;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
protocol bgp ATRATO_FRANCE_IX {
    # Bilateral peering on France-IX at the France-IX value (250).
    local as myas;
    neighbor 193.105.232.9 as 5580;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;
}
# inactive as of 20111217
#protocol bgp AZURIA_EQUINIX_IX {
# local as myas;
# neighbor 195.42.144.141 as 28877;
# preference 280;
# import where avoid_martians();
# export filter bgp_OUT;
#}
protocol bgp AS112_FRANCE_IX {
    # Session with AS112 on France-IX (250).
    local as myas;
    neighbor 193.105.232.37 as 112;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 250;
}
protocol bgp AS112_EQUINIX_IX {
    # Session with AS112 on Equinix-IX; preferred over the France-IX one
    # (280 vs 250).
    local as myas;
    neighbor 195.42.144.146 as 112;
    import where avoid_martians();
    export filter bgp_OUT;
    preference 280;
}
#
# Customers / members
#
#backup access : lower pref than primary (399)
protocol bgp CHIWAWA {
    # Customer / member session; preference 350 sits in the 300-399
    # customer band and, per the note above this block, below the
    # primary access (399).
    local as myas;
    neighbor 91.224.148.19 as 64600;
    preference 350;

    # Strict allow-list on import: only the customer's exact /29 is
    # accepted. That prefix never matches bgp_OUT, so neither it nor the
    # neighbor's private-range AS number reaches the eBGP peers above.
    import filter bgp_IN_CHIWAWA;

    # The customer receives every table route that is not a martian.
    export where avoid_martians();
}
--
Jérôme Nicolle
06 19 31 27 14